Daily NCSC-FI news followup 2021-04-26

State agencies hit by data breach: China behind similar attacks, authority tight-lipped

www.is.fi/digitoday/tietoturva/art-2000007942369.html The attack, carried out through a software vulnerability, raises many questions, but answers are scarce.

Fraudsters suspected of exploiting OmaPosti and a taxi app, taking tens of thousands of euros

www.is.fi/digitoday/tietoturva/art-2000007942423.html Two men who had been held in custody are suspected of an aggravated data breach, a data protection offence and a total of 46 fraud offences in connection with the OmaPosti application.

Despite arrests in Spain, FluBot operations explode across Europe and Japan

therecord.media/despite-arrests-in-spain-flubot-operations-explode-across-europe-and-japan/ Cyber-security agencies in Germany and the UK warned the general public this month about a spike in SMS spam messages spreading the FluBot Android malware. New intelligence shared this week suggests that FluBot distributors have already expanded operations and have launched SMS spam campaigns targeting users in other countries, including Japan, Italy, Norway, Sweden, Finland, Denmark, Poland, and the Netherlands. Also:

www.zdnet.com/article/this-password-stealing-android-malware-is-spreading-quickly-heres-watch-to-watch-out-for/

Russian Foreign Intelligence Service (SVR) Cyber Operations: Trends and Best Practices for Network Defenders – Alert (AA21-116A)

us-cert.cisa.gov/ncas/alerts/aa21-116a The FBI and DHS are providing information on the SVR’s cyber tools, targets, techniques, and capabilities to aid organizations in conducting their own investigations and securing their networks.

DEFENDING AGAINST SOFTWARE SUPPLY CHAIN ATTACKS

www.cisa.gov/publication/software-supply-chain-attacks This resource provides in-depth recommendations for software customers and vendors as well as key steps for prevention, mitigation and resilience of software supply chain attacks. PDF:

www.cisa.gov/sites/default/files/publications/defending_against_software_supply_chain_attacks_508.pdf

How Lahti survived a threatening cyberattack: “We were already in pretty deep trouble”

www.tivi.fi/uutiset/tv/8ffce8f3-e08a-40ca-9e61-b156c4e808e0 [SUBSCRIBERS ONLY]. The City of Lahti was the target of a cyberattack in June 2019. CIO Marko Monni now describes how the threatening situation was handled and what the incident taught.

“Industrial-scale scams”: users of online service warned

www.tivi.fi/uutiset/teollisen-mittakaavan-huijauksia-verkkopalvelun-kayttajia-varoitetaan/eedd90c0-305c-466b-8994-d068fc6b8a90 Overly carefree networking on LinkedIn can prove costly, authorities warn.

Crypto miners are killing free CI

layerci.com/blog/crypto-miners-are-killing-free-ci/ CI providers like GitLab, TravisCI, and Shippable are all worsening or shutting down their free tiers due to cryptocurrency mining attacks.

Quickpost: Decrypting Cobalt Strike Traffic

blog.didierstevens.com/2021/04/26/quickpost-decrypting-cobalt-strike-traffic/ I have been looking at several samples of Cobalt Strike beacons used in malware attacks. Although work is still ongoing, I already want to share my findings.

3.2 Billion Leaked Passwords Contain 1.5 Million Records with Government Emails

thehackernews.com/2021/04/32-billion-leaked-passwords-contain-15.html A staggering number of 3.28 billion passwords linked to 2.18 billion unique email addresses were exposed in what’s one of the largest data dumps of breached usernames and passwords. The findings come from an analysis of a massive 100GB data set called “COMB21” aka Compilation of Many Breaches that was published for free in an online cybercrime forum earlier this February by putting together data from multiple leaks in different companies and organizations that occurred over the years.

When AIs Start Hacking

www.schneier.com/blog/archives/2021/04/when-ais-start-hacking.html If you don’t have enough to worry about already, consider a world where AIs are hackers. Hacking is as old as humanity. We are creative problem solvers. We exploit loopholes, manipulate systems, and strive for more influence, power, and wealth. To date, hacking has exclusively been a human activity. Not for long. Also:

www.belfercenter.org/publication/coming-ai-hackers

11-13 year old girls most likely to be targeted by online predators

blog.malwarebytes.com/awareness/2021/04/11-13-year-old-girls-most-likely-to-be-targeted-by-online-predators/ The Internet Watch Foundation (IWF), a not-for-profit organization in England whose mission is “to eliminate child sexual abuse imagery online”, has recently released its analysis of online predator victimology and the nature of sexual abuse media that is currently prevalent online. The scope of the report covered the whole of 2020.

Nvidia Warns: Severe Security Bugs in GPU Driver, vGPU Software

threatpost.com/nvidia-security-bugs-gpu-vgpu/165597/ The gaming- and AI-friendly graphics accelerators can open the door to a range of cyberattacks.

New ICS Threat Activity Group: TALONITE

www.dragos.com/blog/industry-news/new-ics-threat-activity-group-talonite/ Dragos first disclosed four new threat activity groups targeting ICS/OT in the ICS Cybersecurity 2020 Year in Review report. In this blog post, we will provide more information on one of the new groups: TALONITE.

Strange change right after Trump's departure: now the Pentagon sheds light on the network mystery

www.tivi.fi/uutiset/tv/8cac6b49-c0bc-4976-8e25-df2894fe660c A change in the control of millions of IP addresses puzzled professionals.

Minnesota University Apologizes for Contributing Malicious Code to the Linux Project

thehackernews.com/2021/04/minnesota-university-apologizes-for.html Researchers from the University of Minnesota apologized to the maintainers of Linux Kernel Project on Saturday for intentionally including vulnerabilities in the project’s code, which led to the school being banned from contributing to the open-source project in the future.
